Computer technology today has reached a very high level of development. As it advances, the quantity of digital data is increasing at an even faster rate. At the same time, digital data is vulnerable and needs protection from malicious objects such as viruses, Trojan horses, worms, spyware, and other types of malware.
To protect information from malware, antivirus systems are used, the basic task of which is to prevent dangerous activity of malicious objects. But there are situations in which an antivirus system cannot prevent malicious activities in a timely manner. Such situations arise, for example, when a new type of malware appears that the antivirus system cannot detect with its available means, since the malware is unknown to it. Another possible situation is one in which the malware circumvents the antivirus system by exploiting a vulnerability of the operating system or deficiencies in the antivirus system itself.
Malware that has infiltrated a computer system can exhibit different types of malicious activities: file activity, registry activity, system activity and network activity. During malicious file activity, a malicious object may perform different operations on files, such as the removal, alteration, or creation of new files. Malicious registry activity typically involves the creation, modification, or removal of registry parameters and values. There are many well-known cases, for instance, of registry activity in which a malicious object alters registry parameters so that the malware is launched automatically when the operating system is loaded. Malicious system activity may occur when malware starts or stops processes in a computer system or when it launches new threads of execution in system or program processes. Malicious network activity typically involves the creation of new network connections by a malicious object.
Using these malicious activities, the malware can infiltrate a computer system and gain access to data stored thereon. Therefore, there is a need for detecting malicious activity and restoring data that was damaged, modified or removed as a result of malicious activities.